Active Directory Engineer – Specialist

Join a world-class academic healthcare system, UChicago Medicine, as an Active Directory Engineer – Specialist in our Information Security department. This position will be primarily a work-from-home opportunity with the requirement to come onsite as needed.

This individual will be part of the Security Engineering team and will play a key role in Active Directory modernization, hybrid cloud identity integration, domain consolidation, and enterprise-grade SSO solutions. This position helps administer and provides leadership of the day-to-day operations of key system environment(s). It also involves designing, administration, analysis, troubleshooting, and documenting complex technology systems, understanding their business impact, and making decisions to maximize system availability.

• Architect, implement, and support hybrid identity infrastructure integrating on-prem Active Directory with cloud-based services (e.g., Azure AD, Entra ID, Okta, AWS IAM).
• Lead domain migration and consolidation projects across complex enterprise environments.
• Manage and optimize LDAP directories and identity sync tools between internal and external systems.
• Design and maintain secure, scalable SSO configurations using SAML, OAuth, OIDC, and federation technologies.
• Develop and enforce Group Policy Objects (GPOs), domain trusts, and domain controller health.
• Responsible for all activities related to system administration, continuously reviewing and improving current processes and procedures.
• Analyze causes of issues, delays, or problems and take corrective actions.
• Ensure long-term requirements of systems operations are included in organizational planning.
• Responsible for installation, maintenance, configuration, and integrity of systems software.
• Maintain and upgrade hardware and software, including hardware architecture and network connectivity.
• Implement OS enhancements to improve system reliability and performance.
• Establish/recommend policies on system use and services.
• Design, support, and implement Disaster Recovery and High Availability plans.
• Mentor less experienced Security Engineers and stay current with system technology trends.

• BS or BA degree in Computer Science, Engineering, or equivalent experience.
• Experience in AD Domain consolidation.
• Experience working with domain trusts and multi-forest/multi-domain organizations.
• Knowledge of modern Directory Services architectures.
• Experience with EntraID / Azure Active Directory.
• Experience with on-prem, Cloud, and hybrid directory environments.
• Hands-on experience with PowerShell scripting.
• Familiarity with identity federation (ADFS, SAML, OAuth) and hybrid identity configurations.
• Understanding of security best practices for AD, including tiered administration models.
• Familiarity with identity governance and privileged access management solutions.
• Independent problem-solving skills with attention to detail.
• Ability to work independently or in a team.
• Excellent listening, organizational, and communication skills.

• Master’s degree.
• Healthcare experience.

• Job Type/FTE: Full Time (1.0 FTE)
• Shift: Days
• Location: Remote
• Unit/Department: Information Security Office